Don't give user the exact exception description - portal - ARCHIVED- 2022-02-15 at the request of the project

diff options

author	Piotr Borelowski <p.borelowski@partner.samsung.com>	2019-05-10 12:23:48 +0200
committer	Krzysztof Opasiak <k.opasiak@samsung.com>	2019-05-28 17:12:04 +0200
commit	b9d4b9d9075f40bfcf1bef58c1738de4713e5e70 (patch)
tree	d7ce9a7ff7236599e23e0818adf13fed66cd1048 /ecomp-portal-widget-ms
parent	f9a1944a4b3cda8d9708087902a52baa40c0e2ea (diff)

Don't give user the exact exception description

The exact description of the exception especially if related to cryptography cannot be given to the user as it may be abused by the attacker. To fix that, we started to use @ExceptionHandler for all exceptions in the LoginController as well. CVE: CVE-2019-12121 Issue-ID: OJSI-92 Change-Id: I100b37ff33d28ebccc2411c3acc62bdb7ce11ca8 Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com> Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com> Acked-by: Manoop Talasila <talasila@research.att.com>

Diffstat (limited to 'ecomp-portal-widget-ms')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: